thunderbird

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Standalone mail and news reader from mozilla.org
Version 52.8.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-707 52.7.0-2 52.8.0-1 Critical Fixed
AVG-663 52.6.0-2 52.7.0-1 Critical Fixed
AVG-530 52.4.0-2 52.5.0-1 Critical Fixed
AVG-441 52.3.0-2 52.4.0-1 Critical Fixed
AVG-385 52.2.1-1 52.3.0-1 Critical Fixed
AVG-303 52.1.1-1 52.2.0-1 Critical Fixed
AVG-193 45.7.1-3 45.8.0-1 Critical Fixed
AVG-158 45.6.0-1 45.7.0-1 Critical Fixed
AVG-91 45.5.0-1 45.5.1-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2018-5185 AVG-707 Low Yes Information disclosure
A security issue has been found in Thunderbird before 52.8, where plaintext of decrypted emails can leak through by user submitting an embedded form.
CVE-2018-5184 AVG-707 High Yes Information disclosure
A security issue has been found in Thunderbird before 52.8, where using remote content in S/MIME encrypted messages can lead to the disclosure of plaintext...
CVE-2018-5183 AVG-707 Critical Yes Arbitrary code execution
Several memory corruption issues including invalid buffer reads and writes during graphic operations have been found in the Skia library.
CVE-2018-5178 AVG-707 Medium Yes Information disclosure
A buffer overflow was found in Thunderbird before 52.8, during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data....
CVE-2018-5170 AVG-707 Medium Yes Content spoofing
It is possible in Thunderbird before 52.8 to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening...
CVE-2018-5168 AVG-707 Medium Yes Access restriction bypass
Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the...
CVE-2018-5162 AVG-707 Medium Yes Information disclosure
A security issue has been found in Thunderbird before 52.8, where plaintext of decrypted emails can leak through the src attribute of remote images, or links.
CVE-2018-5161 AVG-707 Medium Yes Denial of service
A security issue has been found in Thunderbird before 52.8, where crafted message headers can cause a Thunderbird process to hang on receiving the message.
CVE-2018-5159 AVG-707 High Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library used in Firefox < 60.0 and Thunderbird < 52.8, due to 32-bit integer use in an array...
CVE-2018-5155 AVG-707 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while adjusting layout during SVG animations with text paths.
CVE-2018-5154 AVG-707 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while enumerating attributes during SVG animations with clip paths.
CVE-2018-5150 AVG-707 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 60.0 and Thunderbird before 52.8. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5146 AVG-663 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2018-5145 AVG-663 Critical Yes Arbitrary code execution
Various memory safety bugs have been found in Thunderbird < 52.7.0, some of them presenting evidence of memory corruption. Mozilla presumes that with enough...
CVE-2018-5144 AVG-663 High Yes Arbitrary code execution
An integer overflow can occur during conversion of text to some Unicode character sets in Thunderbird < 52.7.0, due to an unchecked length parameter.
CVE-2018-5129 AVG-663 High No Access restriction bypass
A lack of parameter validation on IPC messages results in a potential out-of-bounds write in Thunderbird < 52.7.0, through malformed IPC messages. This can...
CVE-2018-5127 AVG-663 Critical Yes Arbitrary code execution
A buffer overflow can occur in Thunderbird < 52.7.0 when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.
CVE-2018-5125 AVG-663 Critical Yes Arbitrary code execution
Various memory safety bugs have been found in Thunderbird < 52.7.0 and Firefox < 59.0, some of them presenting evidence of memory corruption. Mozilla...
CVE-2017-7830 AVG-530 High Yes Same-origin policy bypass
The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin...
CVE-2017-7828 AVG-530 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 57.0 and Thunderbird before 52.5 when flushing and resizing layout because the PressShell object...
CVE-2017-7826 AVG-530 Critical Yes Arbitrary code execution
Several reported memory safety bugs have been found in Firefox before 57.0 and Thunderbird before 52.5. Some of these bugs showed evidence of memory...
CVE-2017-7824 AVG-441 Critical Yes Arbitrary code execution
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content in Thunderbird < 52.4. This is due to...
CVE-2017-7823 AVG-441 Medium Yes Cross-site scripting
The content security policy (CSP) sandbox directive in Thunderbird < 52.4  did not create a unique origin for the document, causing it to behave as if the...
CVE-2017-7819 AVG-441 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from...
CVE-2017-7818 AVG-441 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the...
CVE-2017-7814 AVG-441 Medium Yes Access restriction bypass
A security issue has been found in Thunderbird < 52.4. File downloads encoded with blob: and data: URL elements bypassed normal file download checks though...
CVE-2017-7810 AVG-441 Critical Yes Arbitrary code execution
Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported...
CVE-2017-7809 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while...
CVE-2017-7807 AVG-385 High Yes Content spoofing
A domain hijacking flaw has been found in firefox < 55.0 and thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback...
CVE-2017-7805 AVG-441 Critical Yes Arbitrary code execution
A security issue has been found in Thunderbird < 52.4. During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved...
CVE-2017-7803 AVG-385 Medium Yes Access restriction bypass
A security issue has been found in firefox < 55.0 and thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,...
CVE-2017-7802 AVG-385 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating the DOM during the resize event of an image...
CVE-2017-7801 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where...
CVE-2017-7800 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the...
CVE-2017-7793 AVG-441 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in the Fetch API of Thunderbird < 52.4, when the worker or the associated window are freed when still in use,...
CVE-2017-7792 AVG-385 High Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an...
CVE-2017-7791 AVG-385 Medium Yes Content spoofing
A content spoofing issue has been found in firefox < 55.0 and thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a...
CVE-2017-7787 AVG-385 High Yes Same-origin policy bypass
Same-origin policy protections can be bypassed in firefox < 55.0 and thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the...
CVE-2017-7786 AVG-385 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This...
CVE-2017-7785 AVG-385 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within...
CVE-2017-7784 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when reading an image observer during frame reconstruction after the...
CVE-2017-7779 AVG-385 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in firefox < 55.0 and thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2017-7778 AVG-303 High Yes Arbitrary code execution
An out-of-bounds write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7777 AVG-303 High Yes Information disclosure
An use of initialized memory has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in GlyphCache::Loader::read_glyph.
CVE-2017-7776 AVG-303 High Yes Information disclosure
A heap-buffer-overflow read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::getClassGlyph.
CVE-2017-7775 AVG-303 High Yes Denial of service
An assertion failure has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-7774 AVG-303 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::readGraphite.
CVE-2017-7773 AVG-303 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7772 AVG-303 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7771 AVG-303 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Pass::readPass.
CVE-2017-7764 AVG-303 Medium Yes Content spoofing
A security issue has been found in Firefox < 54.0 and Thunderbird < 52.2, where characters from the "Canadian Syllabics" unicode block can be mixed with...
CVE-2017-7758 AVG-303 High Yes Information disclosure
An out-of-bounds read vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, with the Opus encoder when the number of channels in an audio...
CVE-2017-7757 AVG-303 High Yes Arbitrary code execution
A use after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in IndexedDB when one of its objects is destroyed in memory while a...
CVE-2017-7756 AVG-303 High Yes Arbitrary code execution
A use after-free and use-after-scope vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, when logging errors from headers for XML HTTP...
CVE-2017-7754 AVG-303 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 54.0 and Thunderbird < 52.2, with a maliciously crafted ImageInfo object during WebGL operations.
CVE-2017-7753 AVG-385 High Yes Information disclosure
An out-of-bounds read  has been found in firefox < 55.0 and thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using...
CVE-2017-7752 AVG-303 Medium Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during specific user interactions with the input method editor (IME) in some...
CVE-2017-7751 AVG-303 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, in content viewer listeners.
CVE-2017-7750 AVG-303 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during video control operations when a <track> element holds a reference to an...
CVE-2017-7749 AVG-303 High Yes Arbitrary code execution
A user-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, when using an incorrect URL during the reloading of a docshell.
CVE-2017-5472 AVG-303 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in the frameloader during tree reconstruction while regenerating CSS...
CVE-2017-5470 AVG-303 Critical Yes Arbitrary code execution
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-5410 AVG-193 Critical Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for...
CVE-2017-5408 AVG-193 Medium Yes Information disclosure
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential...
CVE-2017-5407 AVG-193 High Yes Information disclosure
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user....
CVE-2017-5405 AVG-193 Low Yes Content spoofing
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.
CVE-2017-5404 AVG-193 Critical Yes Arbitrary code execution
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This...
CVE-2017-5402 AVG-193 Critical Yes Arbitrary code execution
A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts.
CVE-2017-5401 AVG-193 Critical Yes Arbitrary code execution
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error.
CVE-2017-5400 AVG-193 Critical Yes Arbitrary code execution
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5398 AVG-193 Critical Yes Arbitrary code execution
Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52 and Thunderbird < 45.8.
CVE-2017-5396 AVG-158 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7, when working with media files when some events...
CVE-2017-5390 AVG-158 High Yes Privilege escalation
The JSON viewer in the Developer Tools in Firefox < 51 and Thunderbird < 45.7 uses insecure methods to create a communication channel for copying and...
CVE-2017-5383 AVG-158 Medium Yes Content spoofing
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display in Firefox < 51 and Thunderbird < 45.7,...
CVE-2017-5380 AVG-158 High Yes Arbitrary code execution
A potential use-after-free vulnerability during DOM manipulation of SVG content has been in Firefox < 51 and Thunderbird < 45.7.
CVE-2017-5378 AVG-158 High Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between...
CVE-2017-5376 AVG-158 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, while manipulating XSL in XSLT documents.
CVE-2017-5375 AVG-158 Critical Yes Arbitrary code execution
JIT code allocation in Firefox < 51 and Thunderbird < 45.7 can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5373 AVG-158 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51 and Thunderbird < 47.5. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2016-9079 AVG-91 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution.

Advisories

Date Advisory Group Severity Description
21 May 2018 ASA-201805-21 AVG-707 Critical multiple issues
24 Mar 2018 ASA-201803-22 AVG-663 Critical multiple issues
30 Nov 2017 ASA-201711-43 AVG-530 Critical multiple issues
12 Oct 2017 ASA-201710-19 AVG-441 Critical multiple issues
23 Aug 2017 ASA-201708-18 AVG-385 Critical multiple issues
16 Jun 2017 ASA-201706-20 AVG-303 Critical multiple issues
10 Mar 2017 ASA-201703-2 AVG-193 Critical multiple issues
29 Jan 2017 ASA-201701-40 AVG-158 Critical multiple issues
01 Dec 2016 ASA-201612-2 AVG-91 Critical arbitrary code execution